Commit Graph

202329 Commits

Author SHA1 Message Date
Baptiste Daroussin
bbdee3ebde Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated

This prevent pw usermod creating a new local user when requesting to usermod on
a username is defined in LDAP.

This issue only happens when modifying the local user database (not inpacting
commands when -V or -R are used).

PR:		187653
Submitted by:	tmwalaszek@gmail.com
2015-07-28 21:49:38 +00:00
Jean-Sébastien Pédron
133362912c drm/i915: Sort functions in i915_gem.c to match Linux 3.8's ordering
While here, reduce the style diff with Linux.

There is no functional change. The goal is to ease the future update to
Linux 3.8's i915 driver.

MFC after:	2 months
2015-07-28 21:47:37 +00:00
Bryan Drewery
b99a71b1da Fix rescue build after r284356 with STRIP= by using proper STRIPBIN per build(7).
This was causing the following error:

  rescue
  sh: rescue: not found
  *** [rescue] Error code 127

  make[1]: stopped in /usr/obj/usr/src/rescue/rescue

Sponsored by:	EMC / Isilon Storage Division
2015-07-28 21:39:58 +00:00
Baptiste Daroussin
90a4edb584 Check uid/gid used when creating a user/group are not larger than UID_MAX/GID_MAX
PR:		173977
Reported by:	nvass@gmx.com
2015-07-28 21:10:58 +00:00
Baptiste Daroussin
81e2ba845c Fix wrong warning printed after changing or updating NIS users
PR:		37672
Submitted by:	chris+freebsd@chrullrich.de
2015-07-28 20:52:10 +00:00
Jeff Roberson
38750ada8f - Eliminate the EMPTYKVA queue. It served as a cache of KVA allocations
attached to bufs to avoid the overhead of the vm.  This purposes is now
   better served by vmem.  Freeing the kva immediately when a buf is
   destroyed leads to lower fragmentation and a much simpler scan algorithm.

Reviewed by:	kib
Sponsored by:	EMC / Isilon Storage Division
2015-07-28 20:24:09 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Xin LI
1e3e581593 Fix shell injection vulnerability in patch(1) and drop SCCS
support by replacing system() with execve().

Future revisions may remove the functionality completely.

Obtained from:	Bitrig
Security:	CVE-2015-1416
2015-07-28 19:58:36 +00:00
David C Somayajulu
ab97207add - Avoid lock contention in the if_transmit callback by using trylock and
enqueueing the frames when it fails. This way there is some latency
 removed from the transmitting path.
- If IFF_DRV_OACTIVE is set (and also if IFF_DRV_RUNNING is not) just
 enqueue the desired frames and return successful transmit. This way we
 avoid to return errors on transmit side and resulting in
 possible out-of-order frames. Please note that IFF_DRV_OACTIVE is set
 everytime we get the threshold ring hit, so this can be happening quite
 often.

Submitted by:	Attilio.Rao@isilon.com
MFC after:5 days
2015-07-28 19:15:44 +00:00
Bryan Drewery
75f66cde5c MFV r285970:
Apply upstream changeset bf4f6ec64e:

  Fix issue 356: properly skip a sparse file entry in a tar file.

PR:		201506
MFC after:	3 days
Relnotes:	yes
2015-07-28 18:41:28 +00:00
Bryan Drewery
25d3ca0980 Apply upstream changeset bf4f6ec64e:
Fix issue 356: properly skip a sparse file entry in a tar file.
2015-07-28 17:48:34 +00:00
Bryan Drewery
34f1f5d95e Apply upstream changeset fa9e61:
Fix --one-file-system to include the directory encountered rather than
excluding it.
2015-07-28 17:20:35 +00:00
Renato Botelho
299c819a75 Simplify logic added in r285945 as suggested by glebius
Approved by:	glebius
MFC after:	3 days
Sponsored by:	Netgate
2015-07-28 14:59:29 +00:00
Zbigniew Bodek
f4b37ed0f8 Import Annapurna Labs Alpine HAL to sys/contrib/
Import from vendor-sys/alpine-hal/2.7
SVN rev.: 285432
HAL version: 2.7

Obtained from:  Semihalf
Sponsored by:   Annapurna Labs
2015-07-28 14:20:33 +00:00
Gleb Smirnoff
3b82eb20f5 Fix the r272906 description. 2015-07-28 13:48:19 +00:00
Zbigniew Bodek
8b21d6ae5a Limit ofw_cpu_early_foreach() to CPUs only
On some platforms, the /cpus node contains cpu-to-cluster
map which deffinitely is not a CPU node. Its presence was
causing incrementing of "id" variable and reporting more
CPUs available than it should.
To make "id" valid, increment it only when an entry really
is a CPU device.

Reviewed by:   andrew
Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D3216
2015-07-28 13:16:08 +00:00
Ed Maste
93d8f98ac7 Remove claim that the OS is Darwin from lldb(1)
Reported by:	bapt
2015-07-28 13:09:16 +00:00
Ed Schouten
1d96fd8d9f Implement file attribute modification system calls for CloudABI.
CloudABI uses a system call interface to modify file attributes that is
more similar to KPI's/FUSE, namely where a stat structure is passed back
to the kernel, together with a bitmask of attributes that should be
changed. This would allow us to update any set of attributes atomically.

That said, I'd rather not go as far as to actually implement it that
way, as it would require us to duplicate more code than strictly needed.
Let's just stick to the combinations that are actually used by
cloudlibc.

Obtained from:	https://github.com/NuxiNL/freebsd
2015-07-28 12:57:19 +00:00
Baptiste Daroussin
87bf5e9212 when -n is passed to any pw subcommand it is always expected to be considered as
a name so do not try to convert it to an id if it is a numeric value

PR:		31933
Reported by:	ted@impulse.net
Sponsored by:	gandi.net
2015-07-28 12:20:57 +00:00
Steven Hartland
68d5f492de Correct typo in UPDATING message
MFC after:	3 days
Sponsored by:	Multiplay
2015-07-28 11:21:33 +00:00
Steven Hartland
1635369e99 Add warning about low KSTACK_PAGES for ZFS use
As ZFS requires a more kernel stack pages than is the default on some
architectures e.g. i386, warn if KSTACK_PAGES is less than
ZFS_MIN_KSTACK_PAGES (which is 4 at the time of writing).

MFC after:	3 days
Sponsored by:	Multiplay
2015-07-28 11:19:38 +00:00
Renato Botelho
b1b98a2db7 Respect pf rule log option before log dropped packets with IP options or
dangerous v6 headers

Reviewed by:	gnn, eri
Approved by:	gnn
Obtained from:	pfSense
MFC after:	3 days
Sponsored by:	Netgate
Differential Revision:	https://reviews.freebsd.org/D3222
2015-07-28 10:31:34 +00:00
Gleb Smirnoff
3e437fd2c6 Fix a typo in r280169. Of course we are interested in deleting nsn only
if we have just created it and we were the last reference.

Submitted by:	dhartmei
2015-07-28 09:36:26 +00:00
Michael Tuexen
9ae56375af Fix a typo reported by Erik Cederstrand.
MFC after: 	1 week
2015-07-28 08:50:13 +00:00
Hans Petter Selasky
ed0ed9b424 Optimise the DWC OTG host mode driver's receive path:
Remove NAKing limit and pause IN and OUT transactions for 125us in
case of NAK response for BULK and CONTROL endpoints. This gets the
receive latency down and improves USB network throughput at the cost
of some CPU usage.

MFC after:	1 month
2015-07-28 07:30:07 +00:00
Konstantin Belousov
1d1ec02c44 Remove full barrier from the amd64 atomic_load_acq_*(). Strong
ordering semantic of x86 CPUs makes only the compiler barrier
neccessary to give the acquire behaviour.

Existing implementation ensured sequentially consistent semantic for
load_acq, making much stronger guarantee than required by standard's
definition of the load acquire.  Consumers which depend on the barrier
are believed to be identified and already fixed to use proper
operations.

Noted by:	alc (long time ago)
Reviewed by:	alc, bde
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-07-28 07:04:51 +00:00
Konstantin Belousov
b4c0214605 Remove useless acquire semantic from the atomic_add operation before
sosend().  The only release on the xp_snt_cnt is done after sosend(),
with an intent to synchronize with load_acq in svc_vc_ack().

Reviewed by:	alc
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-07-28 06:58:10 +00:00
Konstantin Belousov
90a2db45eb Add bit names for the IA32_MISC_ENABLE msr.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2015-07-28 06:55:08 +00:00
Ed Schouten
29515a68a5 Implement directory and FIFO creation.
The file_create() system call can be used to create files of a given
type. Right now it can only be used to create directories and FIFOs. As
CloudABI does not expose filesystem permissions, this system call lacks
a mode argument. Simply use 0777 or 0666 depending on the file type.
2015-07-28 06:50:47 +00:00
Ed Schouten
cec575201a Make fstat() and friends work.
Summary:
CloudABI provides access to two different stat structures:

- fdstat, containing file descriptor level status: oflags, file
  descriptor type and Capsicum rights, used by cap_rights_get(),
  fcntl(F_GETFL), getsockopt(SO_TYPE).
- filestat, containing your regular file status: timestamps, inode
  number, used by fstat().

Unlike FreeBSD's stat::st_mode, CloudABI file descriptor types don't
have overloaded meanings (e.g., returning S_ISCHR() for kqueues). Add a
utility function to extract the type of a file descriptor accurately.

CloudABI does not work with O_ACCMODEs. File descriptors have two sets
of Capsicum-style rights: rights that apply to the file descriptor
itself ('base') and rights that apply to any new file descriptors
yielded through openat() ('inheriting'). Though not perfect, we can
pretty safely decompose Capsicum rights to such a pair. This is done in
convert_capabilities().

Test Plan: Tests for these system calls are fairly extensive in cloudlibc.

Reviewers: jonathan, mjg, #manpages

Reviewed By: mjg

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D3171
2015-07-28 06:36:49 +00:00
Marcel Moolenaar
f40c76d8de Check the sync operation. 2015-07-28 04:54:05 +00:00
Marcelo Araujo
033af09de1 Staticfy and constify some variables and clean up the code a bit to make it
more readable. No functional change.

Differential Revision:	D3166
Reviewed by:		kib
Sponsored by:		gandi.net
2015-07-28 02:32:40 +00:00
Michael Tuexen
267dbe63a1 Provide consistent error causes whenever an ABORT chunk is sent.
MFC after:	1 week
2015-07-27 22:35:54 +00:00
Xin LI
7d477dc35a Rewrite scan procedure with a FSM. This improves code readability by
making clear transits between different states, and avoids bug with
handling repeated $'s.

Reviewed by:	bapt
Differential Revision: https://reviews.freebsd.org/D3221
2015-07-27 19:21:23 +00:00
Marius Strobl
43bc87c459 - Move the remainder of host controller capability registers reading from
xhci_start_controller() to xhci_init(). These values don't change at run-
  time so there's no point of acquiring them on every USB_HW_POWER_RESUME
  instead of only once during initialization. In r276717, reading the first
  couple of registers in question already had been moved as a prerequisite
  for the changes in that revision.
- Identify ASMedia ASM1042A controllers.
- Use NULL instead of 0 for pointers.

MFC after:	3 days
2015-07-27 15:26:50 +00:00
Marius Strobl
891c57d8a9 - Fix compilation after r285909 with USB_DEBUG defined.
- Regenerate usb.conf.
2015-07-27 14:43:14 +00:00
Marius Strobl
d75accb539 - Use __FBSDID().
- Const'ify cons_to_vga_colors.
- Fix line wrapping.

MFC after:	3 days
2015-07-27 14:34:32 +00:00
Marius Strobl
0309276c28 - Nuke dupe $FreeBSD$.
- Fix whitespace.

MFC after:	3 days
2015-07-27 14:03:34 +00:00
Ed Schouten
b114aa7959 Make shutdown() return ENOTCONN as required by POSIX, part deux.
Summary:
Back in 2005, maxim@ attempted to fix shutdown() to return ENOTCONN in case the socket was not connected (r150152). This had to be rolled back (r150155), as it broke some of the existing programs that depend on this behavior. I reapplied this change on my system and indeed, syslogd failed to start up. I fixed this back in February (279016) and MFC'ed it to the supported stable branches. Apart from that, things seem to work out all right.

Since at least Linux and Mac OS X do the right thing, I'd like to go ahead and give this another try. To keep old copies of syslogd working, only start returning ENOTCONN for recent binaries.

I took a look at the XNU sources and they seem to test against both SS_ISCONNECTED, SS_ISCONNECTING and SS_ISDISCONNECTING, instead of just SS_ISCONNECTED. That seams reasonable, so let's do the same.

Test Plan:
This issue was uncovered while writing tests for shutdown() in CloudABI:

https://github.com/NuxiNL/cloudlibc/blob/master/src/libc/sys/socket/shutdown_test.c#L26

Reviewers: glebius, rwatson, #manpages, gnn, #network

Reviewed By: gnn, #network

Subscribers: bms, mjg, imp

Differential Revision: https://reviews.freebsd.org/D3039
2015-07-27 13:17:57 +00:00
Marius Strobl
fecf9642ba - Probe UICLASS_CDC/UISUBCLASS_ABSTRACT_CONTROL_MODEL/0xff again. This
variant of Microsoft RNDIS, i. e. their unofficial version of CDC ACM,
  has been disabled in r261544 for resolving a conflict with umodem(4).
  Eventually, in r275790 that problem was dealt with in the right way.
  However, r275790 failed to put probing of RNDIS devices in question
  back.
- Initialize the device prior to querying it, as required by the RNDIS
  specification. Otherwise already determining the MAC address may fail
  rightfully.
- On detach, halt the device again.
- Use UCDC_SEND_ENCAPSULATED_{COMMAND,RESPONSE}. While these macros are
  resolving to the same values as UR_{CLEAR_FEATURE,GET_STATUS}, the
  former set is way more appropriate in this context.
- Report unknown - rather: unimplemented - events unconditionally and
  not just in debug mode. This ensures that we'll get some hint of what
  is going wrong instead of the driver silently failing.
- Deal with the Microsoft ActiveSync requirement of using an input buffer
  the size of the expected reply or larger - except for variably sized
  replies - when querying a device.
- Fix some pointless NULL checks, style bugs etc.

This changes allow urndis(4) to communicate with a Microsoft-certified
USB RNDIS test token.

MFC after:	3 days
Sponsored by:	genua mbh
2015-07-27 12:14:14 +00:00
Ed Schouten
af7e75f59d Add a futex implementation for CloudABI.
Summary:
CloudABI provides two different types of futex objects: read-write locks
and condition variables. There is no need to provide separate support
for once objects and thread joining, as these are efficiently simulated
by blocking on a read-write lock. Mutexes simply use read-write locks.

Condition variables always have a lock object associated to them. They
always know to which lock a thread needs to be migrated if woken up.
This allows us to implement requeueing. A broadcast on a condition
variable will never cause multiple threads to be woken up at once. They
will be woken up iteratively.

This implementation still has lots of room for improvement. Locking is
coarse and right now we use linked lists to store all of the locks and
condition variables, instead of using a hash table. The primary goal of
this implementation was to behave correctly. Performance will be
improved as we go.

Test Plan:
This futex implementation has been in use for the last couple of months
and seems to work pretty well. All of the cloudlibc and libc++ unit
tests seem to pass.

Reviewers: dchagin, kib, vangyzen

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D3148
2015-07-27 10:07:29 +00:00
Ed Schouten
533c8a29da Regenerate system call table. 2015-07-27 10:04:28 +00:00
Ed Schouten
f4c06d124f Sync in latest upstream system call definitions.
Futex object scopes have been renamed from using their own constants to
simply reusing the existing CLOUDABI_MAP_{PRIVATE,SHARED} flags, as they
are more accurate in this context.
2015-07-27 10:04:06 +00:00
Marcel Moolenaar
71d80fbaf3 Change the dev argument from a full path to just the device
identification (e.g. isa:0x3f0 or pci0:2:1:0). In libbus,
the device is turned into a path name. For bus_space_map(),
the resource is now specified in a second argument.
Before:
	bus.map('/dev/proto/pci0:2:1:0/pcicfg')
	busdma.tag_create('/dev/proto/pci0:2:1:0/busdma', ...)
Now:
	bus.map('pci0:2:1:0', 'pcicfg')
	busdma.tag_create('pci0:2:1:0', ...)
2015-07-26 21:37:31 +00:00
Glen Barber
582317b71d Document r285557, bsdinstall aligns zfs partitions on 1Mb boundaries.
Sponsored by:	The FreeBSD Foundation
2015-07-26 19:47:08 +00:00
Glen Barber
45c22431e0 Document r285642, ssh(1) hostname canonicalization before looking
for the host in known_hosts.
Add Dell, Inc. to sponsors.ent.

Sponsored by:	The FreeBSD Foundation
2015-07-26 19:47:05 +00:00
Glen Barber
4fde7cffaf Document r285679, bsdinstall(8) updates to workaround various
problematic BIOSes when booting from GPT, and partition scheme
selection in the UFS partition menu.

Sponsored by:	The FreeBSD Foundation
2015-07-26 19:47:02 +00:00
Glen Barber
d77ddeb88e Further refine the PAE_TABLES entry, based on feedback from
alc.

Sponsored by:	The FreeBSD Foundation
2015-07-26 17:57:35 +00:00
Marcel Moolenaar
9af0c69a15 Remove debugging output. We should have tracing instead. 2015-07-26 16:40:51 +00:00
Marcel Moolenaar
b2ce196ca1 o make sure the boundary is a power of 2, when not zero.
o   don't convert 0 to ~0 just so that we can use MIN. ~0 is not a
    valid boundary. Introduce BNDRY_MIN that deals with 0 values
    that mean no boundary.
2015-07-26 16:39:37 +00:00